Marcus Bakker
2db99b1fb7
Added a group YAML file and layer for FireEye's M-Trends 2020
2020-02-24 15:25:43 +01:00
Marcus Bakker
dae670a364
Made the date kv-pairs compatible with the YAML GUI
2020-02-10 21:57:35 +01:00
Marcus Bakker
b42b5f6bd9
removed an unnecessary line of code
2020-02-10 15:10:04 +01:00
Marcus Bakker
363beab8a5
Mapped data sources to platforms
2020-02-10 12:17:00 +01:00
Marcus Bakker
10f2c4bfd5
Updated to Python 3.8 Alpine
2020-02-10 07:42:16 +01:00
Marcus Bakker
077823ecae
Updated the Python packages
2020-02-10 07:39:49 +01:00
Marcus Bakker
4df0887070
Changed the platform and/or added some comments
2020-02-10 07:39:11 +01:00
Marcus Bakker
743ba247aa
Replaced "products: [None]" with an empty array
2020-02-04 13:38:14 +01:00
Marcus Bakker
700b64d518
Ignore all .git directories when building a Docker container
2020-02-04 13:35:48 +01:00
Marcus Bakker
1dbfe7c248
Another fix for when 'software_id' is not present in a group YAML file
2020-01-30 16:28:46 +01:00
Marcus Bakker
36a3379ea1
Merge pull request #17 from mavjs/bugfix/groups-software_id
Fix for when not having the 'software_id' present for a group YAML file.
2020-01-30 16:24:32 +01:00
Maverick
721ffbb43a
Fix having software_id present for group mapping
- As noted in the wiki, `software_id` is not a hard requirement for the
group mapping to work, however, it was previously not taking into
account that `software_id` may be empty when getting group details.
2020-01-27 19:35:57 +01:00
Marcus Bakker
c93bb12216
Resolved issue #15
2020-01-06 12:00:27 +01:00
Marcus Bakker
1c7934c356
Docker image failed to build (in v1.2.5 this was no issue).
2019-12-17 15:10:56 +01:00
Marcus Bakker
b6cc65bc23
Fixed a bug that caused an invalid health error message.
2019-12-12 15:21:27 +01:00
Marcus Bakker
b3cca244d6
Added a 'platform' key-value pair
2019-12-12 15:07:56 +01:00
Marcus Bakker
26af7a4e26
Several small changes in some text.
2019-12-11 10:43:08 +01:00
Marcus Bakker
d545b5e040
bumped the version to 1.2.6
2019-12-11 10:41:39 +01:00
Marcus Bakker
80c8ad13ec
Updated the package plotly to its latest version
2019-12-11 10:40:17 +01:00
Marcus Bakker
afea99cfee
Added new functionality to include all ATT&CK techniques when generating a YAML file based on a data source YAML file.
2019-12-09 15:26:48 +01:00
Marcus Bakker
ed14d04a90
Multiple small changes (the listed techniques and/or assigned scores are unchanged)
2019-12-06 16:16:33 +01:00
Marcus Bakker
102f962c9a
Fixed the scoring
2019-12-06 14:28:58 +01:00
Marcus Bakker
b6a00a3955
Added new functionality to support a platform key-value pair in a group YAML file.
2019-12-06 13:50:16 +01:00
Marcus Bakker
64eb960c18
Added a group YAML file and layer for: the top 10 MITRE ATT&CK techniques Red Canary detected against the retail sector in 2019.
2019-12-06 13:25:33 +01:00
Marcus Bakker
2aea279f87
Added an extra health check for an empty item in the key-value pair 'applicable_to'.
2019-12-05 16:07:02 +01:00
Marcus Bakker
9885c63feb
Renamed "Data completeness" to "Data field completeness"
2019-12-05 15:53:57 +01:00
Marcus Bakker
e30e9ada16
Fixed an issue that resulted in dates being represented as strings
2019-12-05 15:44:36 +01:00
Marcus Bakker
ee98d1bd8a
Added new functionality that provides the capability to search over custom key-value pairs within a technique administration YAML file.
2019-12-05 14:45:34 +01:00
Marcus Bakker
40657c4e06
Removing revoked ATT&CK STIX objects
2019-12-05 10:46:44 +01:00
Marcus Bakker
c6ad00331a
- Fixed a bug that could result in an invalid message in the Excel file for a missing ATT&CK data source
- Added a health check for when the data source YAML file is missing an ATT&CK data source
2019-12-05 10:45:24 +01:00
Marcus Bakker
93dea65bbf
Added a health check for when the data source YAML file is missing an ATT&CK data source
2019-12-05 10:43:07 +01:00
Marcus Bakker
4a73fb52e3
Updated all packages to their latest version.
2019-12-05 10:37:43 +01:00
Marcus Bakker
567951174a
The cumulative count was broken due to the upgrade of Pandas to version 0.25.3
2019-12-05 10:37:11 +01:00
Marcus Bakker
b185de70e4
Fixed the 'date_connected' for the source 'Office 365 audit logs'.
2019-12-05 10:35:53 +01:00
Marcus Bakker
28b26fb92c
Small fixes
2019-12-05 08:43:42 +01:00
Marcus Bakker
a952c34cac
Added new checks to make sure the metadata in a Navigator layer file is compliant with the expected data structure. Reported by @Sreeman.
2019-12-04 14:51:56 +01:00
Marcus Bakker
a72add80c1
Fixed a bug that resulted (within specific circumstances) in a wrong colour for visibility, when detection coverage is overlaid with visibility. Reported by @Sreeman.
2019-12-04 10:39:11 +01:00
Marcus Bakker
4e2f7b1adc
Added an extra health check for an empty item in the key-value pair 'location' of a detection. Reported by @Sreeman.
2019-11-29 12:22:10 +01:00
Marcus Bakker
dc092696f2
Fixed a bug that caused a crash when having a None value for a detection or visibility comment. Reported by @Sreeman.
2019-11-29 12:17:33 +01:00
Ruben Bouman
64eb0fbc5d
Merge branch 'master' of development branch
2019-11-19 11:53:59 +01:00
Ruben Bouman
2be0549293
rename files
2019-11-19 11:46:22 +01:00
Ruben Bouman
400495ca03
Merge branch 'master' of https://github.com/marcusbakker/DeTTECT-private
2019-11-19 11:39:32 +01:00
Ruben Bouman
c10f20b1b2
Added group yaml and layer file for the "ATT&CK Techniques and Trends in Windows Malware" publication by Kris Oosthoek and Christian Doerr.
2019-11-19 11:39:25 +01:00
Marcus Bakker
734aceebe3
Removed unnecessary code from the function "data_source_search"
2019-11-19 11:28:01 +01:00
Marcus Bakker
be31da063c
Bumped the version to 1.2.5
2019-11-19 10:26:02 +01:00
Marcus Bakker
7aacb7feb1
A fix for a bug that broke EQL searches on Data Source Administration YAML files
2019-11-19 10:10:15 +01:00
Ruben Bouman
fdd4f7b4b7
Fixed two bugs:
- Using 'all' in a data source file to generate a YAML file does not work: empty file.
- Having 'all' in a data source and then using --yaml results in a weird filename: data-sources-a-l-l
2019-11-18 14:27:25 +01:00
Marcus Bakker
77e580952e
Merge remote-tracking branch 'origin/master'
2019-11-15 20:52:27 +01:00
Marcus Bakker
74bba89627
Added the platforms from the October update.
2019-11-15 20:51:51 +01:00
Ruben Bouman
fb3a5982b8
Fix for a small bug that resulted in a stacktrace when using an invalid group name as overlay.
2019-11-14 15:12:26 +01:00